Detailed Action

1. This action is responsive to communication filed on: 25 January 2008 with
acknowledgement of an original application filed on 31 March 2004. 

2. Claims 1-22 are currently pending in this application. Claims 1, 4, 7, and 15 are
independent claims.

Response to Arguments 

3. Applicant's arguments filed 25 January 2008 have been fully considered; however, they
are not persuasive.

I) In response to applicant's argument beginning on page 8, "In contrast, claim 1 recites an 
"said at least one interface processing device [] adapted to forward information to configure at 
least one of said at least one reconfigurable processing device and said at least one interface 
processing device, received by said at least one interface processing device" 

The Examiner disagrees with this argument; as shown in Ke col. 4, lines 10-19, the domains
are configurable or 'reconfigurable' depending on the policy received and authenticated.

II) In response to applicant's argument beginning on page 9, "Ke does not disclose 
"performing an authentication process on said received information if said received information 
does not comprise data for transmission," as recited in claim 1". 

The Examiner disagrees with this argument for multiple reasons. First, the applicant is arguing
a negative limitation that is not in claim 1; nowhere does it state "if said received information
does not comprise data for transmission". In fact the term "if" is not utilized. Second, Ke
teaches authentication of data; see col. 2, lines 1-21.

Claim Rejections - 35 USC §102

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 
21(2) of such treaty in the English language. 

5. Claims 1-3, 7-12, and 15-20 are rejected under 35 U.S.C. 102(e) as being anticipated by
Ke et al. U.S. Patent 7,093,280 (hereinafter '280). 

As to independent claim 1, "An apparatus, comprising: at least one reconfigurable 
processing device; at least one authentication processing device" is taught in '280 col. 1, 
line 65 through col. 2, line 9; note a data processing device in the processing system is equivalent
to the reconfigurable processing device because the data processing device(s) as taught in '280
can apply policies received; therefore, they are reconfigurable. In addition, the authentication
engine is interpreted to be equivalent to the authentication processing device;

"and at least one interface processing device to be coupled to at least one of said 
reconfigurable processing device and said authentication processing device; wherein the 
apparatus is adapted to forward information to configure at least one of said 
reconfigurable processing device and said interface processing device, received by said 
apparatus, to said authentication processing device to verify that the information came 
from an authorized source" is shown in '280 col. 2, lines 10-18, note the 'interface processing 
device' is interpreted to be equivalent to the 'controller' that intercepts packets and applies the
appropriate firewall policies and calls to an authentication engine. 

As to dependent claim 2, "wherein said interface processing device comprises at 
least one of a data firewall and a configuration firewall" is disclosed in '280 col. 5, 
lines 60-67; note when the firewall device acts like a common firewall, this is interpreted to be
equivalent to a 'data firewall'; the configuration of the firewall device for each customer's
policies and security needs is interpreted to be equivalent to a 'configuration firewall'.

As to dependent claim 3, "wherein said interface processing device includes one or 
more data node registers to configure said data firewall to permit forwarding of data to at 
least one of said at least one reconfigurable processing device" is taught in '280 col. 7, 
lines 7-49, note the interface processing device is interpreted to be equivalent to the controller, 
the one or more data node registers is interpreted to be the allocated security system resources by 
the controller on an as needed basis, and the 'reconfigurable processing devices' are the firewalls 
with respect to the VPNs. 

As to independent claim 7, "A method, comprising: processing received information 
with a processing device specified by said received information if said received information 
comprises data and if the processing device is authorized to process said received 
information" is taught in '280 col. 4, lines 43-46; 

"and performing an authentication process on said received information if said 
received information does not comprise data for transmission" is shown in '280 col. 4, 
lines 23-28, note the management device processes the received information, the management
device can perform authentication as well as regulating policies. 

As to dependent claim 8, "wherein said performing an authentication process 
comprises: forwarding said received information to an authentication device if said 
received information comprises a request to authorize one or more processing devices to 
process received information" is taught in '280 col. 7, lines 7-49. 

As to dependent claim 9, "wherein said performing an authentication process 
further comprises: forwarding at least a portion of said received information to a received 
information interface device; and configuring said received information interface device 
based at least in part on said at least a portion of said received information" is taught in 
'280 col. 7, lines 7-49. 

As to dependent claim 10, "wherein said performing an authentication process 
comprises: verifying that said received information is addressed to an authentication 
processing device if said received information comprises processing device configuration 
information; and taking security measures if said received information is not addressed to 
an authentication processing device" is shown in '280 col. 9, lines 41-59. 

As to dependent claim 11, "wherein said taking security measures comprises:
re-addressing said received information to an authentication processing device" is disclosed in
'280 col. 8, lines 32-67.

As to dependent claim 12, "wherein said taking security measures comprises at least
one of discarding said received information or performing a reset operation" is taught in 
'280 col. 8, lines 57-58. 

As to independent claim 15, this claim is directed to a machine-accessible medium
containing software code executing the method of claim 7; therefore, it is rejected along similar
rationale.

As to dependent claims 16-20, these claims contain substantially similar subject matter to
claims 8-12; therefore they are rejected along similar rationale. 

Claim Rejections - 35 USC §103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that the subject matter as a whole 
would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

7. Claims 4-6 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ke et al.
U.S. Patent 7,093,280 (hereinafter '280) in further view of Schain et al. U.S. Patent 6,944,706 
(hereinafter '706). 

As to independent claim 4, "A system, comprising: at least one reconfigurable 
processing device; at least one authentication processing device" is taught in '280 col. 1, 
line 65 through col. 2, line 9; note a data processing device in the processing system is equivalent
to the reconfigurable processing device because the data processing device(s) as taught in '280
can apply policies received; therefore, they are reconfigurable. In addition, the authentication
engine is interpreted to be equivalent to the authentication processing device;

"at least one interface processing device to be coupled to at least one of said 
reconfigurable processing device and said authentication processing device" is shown in 
'280 col. 2, lines 10-18; note the 'interface processing device' is interpreted to be equivalent to
the 'controller' that intercepts packets, applies the appropriate firewall policies, and calls the
authentication engine;

"wherein the system is adapted to forward information to configure at least one of 
said reconfigurable processing device and said interface processing device, received by the 
system, to said authentication processing device to verify that the information came from 
an authorized source" is shown in '280 col. 2, lines 10-18, note the 'interface processing 
device' is interpreted to be equivalent to the 'controller' that intercepts packets, applies the
appropriate firewall policies, and calls the authentication engine;

the following is not explicitly taught in '280: "at least one analog front-end device to be 
coupled to at least one of said at least one reconfigurable processing device; and an antenna 
selected from the group consisting of monopole antennas, dipole antennas, antenna arrays, 
loop antennas, planar antennas, and reflector-type antennas" however '706 teaches "Also 
coupled to the common bus 515 is a set of output connections for the broadband gateway 500.
For example, if the broadband gateway 500 provides connectivity to a computer or computer 
network via an Ethernet port or a USB port, then coupled to the common bus 515 would be 
appropriate circuitry (540 and/or 545) for an Ethernet or USB port. Any required software 



Application/Control Number: 10/813,058 Page 8

Art Unit: 2134 

support for the network connectivity could be provided in the CPU 520, or in specially designed 
controllers (not shown). If the broadband gateway 500 supports wireless connectivity, then an 
appropriate wireless circuit 550 and an analog front end (AFE) 555, along with an antenna 560 
would be present" in col. 13, lines 4-15. 

It would have been obvious to one of ordinary skill in the art at the time of the invention
for a method using firewall techniques to process data packets, as taught in '280, to include a means to
process external and internal packets. One of ordinary skill in the art would have been
motivated to perform such a modification because of the need to reduce the duplication of
modules; see '012 (col. 1, lines 59 et seq.). "A fairly common solution to the processing of
external and local packets is to create two separate modules that are separately responsible for 
processing external packets and local packets. By separating the processing, it is much less likely 
that there would be interference since there is no interaction unless a packet crosses the interface. 
However, the separation of the processes can result in unnecessary duplication of modules, such 
as the communications protocol modules". 

As to independent claim 5, "further comprising: at least one host device to be 
coupled to said at least one interface processing device, the at least one host device adapted 
to provide information to be processed by at least one of said at least one reconfigurable 
processing device" is taught in '280 col. 7, lines 7-49. 

As to independent claim 6, "further comprising: at least one analog front-end 
interface device to couple between at least one of said at least one reconfigurable processing 
device and said at least one analog front-end device" is taught in '706 col. 13, lines 4-15.

8. Claims 13, 14, 21, and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Ke et al. U.S. Patent 7,093,280 (hereinafter '280) in further view of Brownell U.S. Patent 
6,754,831 (hereinafter '831). 

As to dependent claim 13, the following is not explicitly taught in '280: 

"wherein, if said received information comprises processing device configuration 
information, said performing an authentication process comprises: verifying a primary 
signature included in said received information; and verifying a link signature included in 
said received information if said primary signature is valid"; however, '831 teaches tunnel
configuration data for a user which includes a user signature; note the 'primary signature' is
interpreted to be equivalent to the user signature; the link signature is interpreted to be equivalent
to which third party signature authenticators in col. 11, lines 30-51.

It would have been obvious to one of ordinary skill in the art at the time of the invention
for a method using firewall techniques to process data packets, as taught in '280, to include verifying
configuration changes with signatures. One of ordinary skill in the art would have been
motivated to perform such a modification because of the disadvantages of most kinds of VPNs to
selectively provide access to services; see '831 (col. 4, lines 4 et seq.). "Yet another disadvantage
of most kinds of virtual private networks is that users outside the primary network are granted 
similar access to the corporate network. Thus, such virtual private networks are unsuitable for 
common situations where it is desirable to "selectively" provide network access to various users 
on the same host, or to provide the same level of access to the same user on different external 
hosts. For example, an internal host ("clinical information server") in a hospital provides clinical 
information to clinical users. Patient confidentiality requires that access is generally denied to
external hosts (i.e. hosts external to the hospital's network). Most virtual private networks do not 
concurrently prevent network access to the clinical server by one set of users, while permitting 
access to another set of users, e.g. doctors". 

As to dependent claim 14, "further comprising: forwarding at least a portion of said 
received information to an intended processing device if said link signature is valid"
however '831 teaches the signature information is used to authenticate data packets transferred in
col. 11, lines 30-51; 

"and using said at least a portion of said received information to configure said 
intended processing device" is shown in '280 col. 7, lines 7-49. 

As to dependent claims 21 and 22, these claims contain substantially similar subject 
matter to claims 13 and 14; therefore they are rejected along similar rationale. 

Conclusion 

THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this
final action. 

9. It is noted, PATENTS ARE RELEVANT AS PRIOR ART FOR ALL THEY CONTAIN 
"The use of patents as references is not limited to what the patentees describe as their own 
inventions or to the problems with which they are concerned. They are part of the literature of 
the art, relevant for all they contain." In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 
(Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277 (CCPA 
1968)). A reference may be relied upon for all that it would have reasonably suggested to one 
having ordinary skill in the art, including nonpreferred embodiments (see MPEP 2123).

10. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Ellen C Tran whose telephone number is
(571) 272-3842. The examiner can normally be reached from 7:30 am to 4:00 pm. If attempts
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Kambiz Zand,
can be reached on (571) 272-3811. The fax phone number for the organization where this
application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



/ELLEN TRAN/ 

Primary Examiner, Art Unit 2134 

14 April 2008 



